CRN learned that the Framingham, Mass.-based office supply retailer was impacted by the ChangeUp worm, a fast-spreading attack designed to spread via network shared drives. Once systems are infected with ChangeUp, the worm contacts a remote server to download additional malware, which can range from banking Trojans to keystroke loggers designed to record keystrokes to steal account credentials.

Staples spokesperson Mark Cautela said last week that he would look into the matter but has not returned repeated requests for information about the attack or whether any customer data was exposed as a result of the incident.

Security experts said shared drives are typically isolated from servers containing more sensitive data; however, file shares could contain intellectual property and other information that could be high-value assets to the retailer.